com.liferay:com.liferay.gogo.shell.web@2.0.20 vulnerabilities
-
latest version
5.0.28
-
first published
7 years ago
-
latest version published
4 months ago
-
licenses detected
- [1.0.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the com.liferay:com.liferay.gogo.shell.web package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the shell output. How to fix Cross-site Scripting (XSS)? Upgrade |
[,5.0.2)
|
Affected versions of this package are vulnerable to Command Injection via the Gogo Shell module. A user with high privileges can execute any OS command using the module. Note: This CVE is disputed since it is a feature for administrators to access and execute commands in Gogo Shell and therefore not a design flaw How to fix Command Injection? There is no fixed version for |
[0,)
|